2018 is considered to be the year of spam emails

According to the researchers, there is a significant increase in spam emails in 2018. Even though it has been 40 years after the first spam message was sent, victims continue to receive malicious emails with malware attachments until today[1]. The deceptive electronic letters contain bogus URLs, scams or viruses to attack potential victims.

IT experts reveal that the distribution of spam emails have increased from 13.4% to 14.2% between the second half of 2017 and the first half of 2018[2]. Cybersecurity researcher at F-Secure, Päivi Tynninen, categorize email spams into the following classes:

Email spam is once again the most popular choice for sending out malware. Of the spam samples we’ve seen over spring of 2018, 46% are dating scams, 23% are emails with malicious attachments, and 31% contain links to malicious websites.

The majority of malicious attachments are merely five file types

It is believed that the popularity of spam emails is based upon the improvements in technology. Improved browser and OS security make it even harder to employ exploit kits or vulnerabilities. Thus, spam emails are the most convenient way to deliver malware. In fact, researchers note that 85% of bogus attachments are the following five file types[3]:

.ZIP

.DOC

.7Z

.PDF

.XLS

During the past few years, it’s gained more popularity against other vectors, as systems are getting more secure against software exploits and vulnerabilities <…>

Additionally, cybercriminals use social engineering techniques to increase the rate of infection. Usually, attackers create email spams based upon hot topics. One of the most popular subjects of 2017 were Harvey and Irma hurricanes, the earthquake in Mexico and cryptocurrencies, like Bitcoin[4].

The analysis showed that scammers tried to trick people with urges for assistance from Nigerian people to obtain inheritance of deceased relatives. Other spam emails related to digital currency were spreading offers to get programs which would supposedly allow mining cryptocurrency faster.

Bogus URLs are preferred over malicious attachments in 2018

Surprisingly, researchers discovered that hackers not only include malicious attachments but also links to questionable sites[5]. Even though the page is harmless at first, it later redirects unsuspecting computer users to websites with hazardous content. Additionally, the following improvements help cybercriminals make malspam campaigns even more successful:

Familiarity. Chances of victims opening the electronic letter increase by 12% if the email come from a known person;

Literacy. Error-free subject line increases spam success by 4.5 %;

Urgency. Implications of urgency help to make the malspam campaign even more effective.

About the author

Julie Splinters
- Malware removal specialist

Julie Splinters is the News Editor of 2-spyware. Her bachelor was English Philology.